Follow up regarding iTunes:
Why is iTunes not impacted by this attack, even if the RSS feeds are infected?
-This is because the script tags are encoded by iTunes and therefore the malicious code isn’t run on a user’s computer.